Description
ELSA-2014-1194: conga security and bug fix update (MODERATE)
[0.12.2-81.0.2.el5]
- Replaced redhat logo image in Data.fs
[0.12.2-81.0.1.el5]
- Added conga-enterprise-Carthage.patch to support OEL5
- Replaced redhat logo image in conga-0.12.2.tar.gz
[0.12.2-81]
- luci: prevent non-admin user from unauthorized executive access Resolves: rhbz#1089310
[0.12.2-79]
- luci: drop unsuccessful monkey patch application wrt. Plone 20121106 advisory Related: rhbz#956861
[0.12.2-78]
- luci: reflect startup_wait parameter added in postgres-8 RA Resolves: rhbz#1065263
- luci: Multiple information leak flaws in various luci site extensions Resolves: rhbz#1076148
[0.12.2-72]
- luci: fix mishandling of distro release string Resolves: rhbz#1072075
- luci: fix initscript does not check return values correctly Resolves: rhbz#970288
- ricci: fix end-use modules do not handle stdin polling correctly Resolves: rhbz#1076711
[0.12.2-69]
- luci: apply relevant parts of Plone 20121106 advisory (multiple vectors) Resolves: rhbz#956861
Updated packages
Oracle Linux 5
Oracle Linux ia64
luci 0.12.2-81.0.2.el5
ricci 0.12.2-81.0.2.el5
Oracle Linux x86_64
luci 0.12.2-81.0.2.el5
ricci 0.12.2-81.0.2.el5
Oracle Linux i386
luci 0.12.2-81.0.2.el5
ricci 0.12.2-81.0.2.el5
Source references
Related vulnerabilities
Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs Luci extension.
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.